Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 264834 (CVE-2009-1241)

Summary: <app-antivirus/clamav-0.95 Detection bypass (CVE-2008-6680,CVE-2009-{1241,1270})
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: antivirus, bernd, net-mail+disabled
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 264852, 265545    
Bug Blocks:    

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-04-04 06:56:27 UTC
CVE-2009-1241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1241):
  Unspecified vulnerability in ClamAV before 0.95 allows remote
  attackers to bypass detection of malware via a modified RAR archive.
Comment 1 Torsten Veller (RETIRED) gentoo-dev 2009-04-04 07:08:10 UTC
The ebuild is in the tree.

| *clamav-0.95 (31 Mar 2009)
|  
|   31 Mar 2009; Thomas Raschbacher <lordvan@gentoo.org> +clamav-0.95.ebuild:
|   version bump

As always bumping clamav breaks all the other tools like
bugs: 264820 264836
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-04-04 07:27:07 UTC
(In reply to comment #1)
> The ebuild is in the tree.

Aww, I should do update-eix. :/

> As always bumping clamav breaks all the other tools like
> bugs: 264820 264836

Should we delay the stabling until these issues are resolved?
Comment 3 Thomas Raschbacher gentoo-dev 2009-04-09 11:55:56 UTC
fyi 0.95.1 is added too already ..
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-04-09 12:09:40 UTC
CVE-2008-6680 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-6680):
  libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
  a denial of service (crash) via a crafted EXE file that triggers a
  divide-by-zero error.

CVE-2009-1270 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1270):
  libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
  cause a denial of service (infinite loop) via a crafted file that
  causes (1) clamd and (2) clamscan to hang.

Comment 5 Thomas Raschbacher gentoo-dev 2009-04-16 13:03:46 UTC
Can we close this one and instead just concentrate on bug #265545 (<0.95.1 security issue) 
Comment 6 Thomas Raschbacher gentoo-dev 2009-04-16 13:08:04 UTC
adding blocker here anyway .. mail-clamav not added but only on 0.95.1 sec bug.
Comment 7 Pawel Madej aka Nysander 2009-06-07 20:10:18 UTC
shouldn't be affected versions dropped from the tree?
Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-09 13:32:02 UTC
GLSA 200903-04
Comment 9 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-09 13:33:12 UTC
err, GLSA 200909-04